THE HUMAN DIMENSION OF NETWORK SECURITY


“Well-coordinated attacks by fewer than 30 computer virtuosos... with a budget of
less than $10 million, could bring the United States to its knees.”

— Center for Strategic and International Studies

The transformation of the US military relies on new technology and lethal targeting to
wage rapid, standoff wars with limited casualties. Our doctrine and force structure are built
around network operations, advances in information processing, and expectations of network
performance. Precision technology has led our politicians to use the information age to guide
our strategic policy decisions and minimize exposure of American troops. Not surprisingly,
spurred by advances in Information Technology (IT), two of Secretary of Defense Rumsfeld’s six
Transformation goals are to “Protect information networks” and “Use information technology to
link forces to fight jointly.” Additionally, “Leveraging and enabling interdependent Network-
Centric warfare” is one of the Army Chief of Staff’s focus areas.

Network-centric warfare has a direct impact on our military’s force structure. The
Department of Defense's (DOD's) Military Transformation: A Strategic Approach discusses the
globalization of communications and its effect on US strategy and planning. It states that
“Transformation is necessary to ensure that U.S. forces continue to operate from a position of
overwhelming military advantage... We cannot afford to react to threats slowly or have large
forces tied down for lengthy periods.” It adds that DOD must “move from an approach based
on geographically contiguous massing of forces to one based on achieving effects.”

Networking provides greater situational awareness and is a key enabler of DOD’s
transformation.

However, DOD networks remain susceptible to attacks caused by human error, insider
threats, espionage, and deliberate hacking, potentially creating a tremendous loss of information
security. Despite DOD’s best efforts, malicious activity continues to climb. Since the US
military is so heavily dependent on networked information, our opponents know that both the
data and the connectivity are valuable targets. The military's network operations and information
processing capability may become our center of gravity and the focus of an adversary’s efforts.
The incentive to penetrate the network, followed by intercepting, contaminating, stealing, or
even destroying data, will be enormous. This in turn creates problems for weapons systems
depending on computers for their performance, or commanders depending on computers to
manage information on today’s complicated battlefield. Although DOD can defeat hackers
most of the time, most of the time is not good enough when the lives of American Soldiers are at
stake. There will always be problems with our networks, and the associated level of risk could
result in the loss of American lives.

This paper will provide a background on the reduction in the military’s force structure
over the past two decades, followed by a description of the Global Information Grid (GIG) and
the advantages of network-centric warfare. It will then focus on human vulnerabilities and their
impact on DOD networks. This argument will be substantiated by describing cryptography and
the access/security tradeoff, giving the example of the German Enigma cipher, and by providing
evidence on personnel reliability, insider threats, hacking, and other forms of non-cooperative
access. It will also address how attacks on our critical infrastructure impact the GIG. Finally,
this paper will offer recommendations to confront these challenges.

BACKGROUND 

With the end of the Cold War, downsizing the US military was inevitable. In the past two
decades, the US Army downsized from 18 Active Divisions and 781,000 soldiers to 10 Active
Divisions and 480,000 soldiers. Much of the reason was economic; a smaller force would save
money. Another reason, however, was the military’s ability to leverage the advantages of the
information age, including cyber warfare and satellite links. These advances in IT, combined
with surveillance and precision weapons technologies, have permitted a radically new way in
which we project power, reducing manpower requirements and reliance on industrial-age
military forces. General Schoomaker has now ordered division commanders to explore ways of
reorganizing their units into modular, capabilities-based ground forces without adding more
troops or equipment. Rather than increasing the Army’s end strength, he contends that better
information will allow smaller forces to be used more effectively.

IT is now inherent in our doctrine. Several documents explain how the military will operate
in the information age. Among them are the Chairman of the Joint Chiefs of Staff's Joint Vision
2020 and DOD's Joint Publication 3-13, Joint Doctrine for Information Operations. Joint Vision
2020 addresses the transformation of our military and full spectrum dominance. In order to
attain these goals, the military must steadily infuse new technology and modernize. Joint
Publication 3-13 defines Information Operations (IO) as “actions taken to affect adversary
information and information systems while defending one’s own information and information
systems.” This publication also recognizes the role of defensive IO in protecting our networks.
Full dimensional protection exists when the joint force can decisively achieve its mission with an
acceptable degree of risk in both the physical and information domains.
THE GLOBAL INFORMATION GRID AND THE ADVANTAGES OF NETWORK-CENTRIC
WARFARE

The demand for a GIG was driven by concerns regarding the integration of automated
information systems and the need for information and decision superiority expressed in Joint
Vision 2020. The GIG is defined as a “Globally interconnected, end-to-end set of information
capabilities, associated processes, and personnel for collecting, processing, storing,
disseminating, and managing information on demand to warfighters, policy makers, and support
personnel.” In layman’s terms, it may be compared to the World Wide Web, as it is used to
collect and disseminate information. But the GIG is much more than that. It is comprised of
both owned and leased communications, computing systems, and other services required to
achieve information superiority. It includes DOD’s Classified Network (SIPRNet), Unclassified
Network (NIPRNet), 1,500 bases, posts, and stations, 100,000 Local Area Networks (LANs),
and 250-500 million World Wide Web users. The Defense Information Systems Agency (DISA)
coordinates the GIG's long haul connectivity for DOD and supports 40 million calls and 2,000
video conferences monthly for joint task forces worldwide and policy makers from the National
Command Authority to the shooter. The GIG is a “system of systems” connecting
reconnaissance satellites, fusion centers, weapons platforms, commanders, and soldiers in the
field, allowing the military to locate and engage with speed and efficiency while jeopardizing the
lives of fewer soldiers.

The GIG is essential for network-centric warfare. It plays a pivotal role in the military’s
transformation and ultimately in winning wars. With enhancements in C4ISR (command,
control, communications, computers, intelligence, surveillance, and reconnaissance), data
concerning targets, movement of forces, and levels of equipment and supplies is collected,
processed, stored, and displayed rapidly and seamlessly at different locations and levels around
the globe. It is argued that the GIG improves the warfighting capability of our forces by
significantly reducing uncertainty, allowing collaboration for joint and asynchronous operations,
and enabling the commander to achieve information superiority. The GIG has enabled the
military to become lighter, faster, and more lethal.

During OPERATION IRAQI FREEDOM (OIF), perhaps the first war of the information age,
the fog of war was lifted to a much greater extent than in previous campaigns, as megabytes of
real-time data and imagery flowed back and forth between the front lines and decision makers in
remote command centers. Dramatic advances in technology provided greater fidelity, vastly
improving the agility and interoperability of our units. Three brigades of the 3rd Infantry
Division were able to monitor each other’s activity en route to Baghdad, despite being stretched
out over 300 miles. General Franks, the Commander of Central Command during OIF, stated
that “Real-time communications and a common operating picture gave battlefield commanders
for the first time information about the precise location and status of their troops.” He added
that the most important lesson learned from that operation is that “networked forces rule the
battlefield.”

HUMAN VULNERABILITIES AND THEIR IMPACT ON DOD NETWORKS

Access to the GIG can be a great advantage yet a great risk. In order to achieve a shared
sense of battlespace, individuals must have access to information and be able to connect to the
network in a variety of ways. So too can the hacker. As a result of global connectivity, “a risk to
one is a risk to all.” As the world’s sole superpower, and with the global war on terrorism in full
swing, nontraditional adversaries, such as the hacker, vandal, criminal, or terrorist, are of
particular concern in the information domain. Since our enemies cannot compete with us on the
conventional battlefield, our computing systems create a number of vulnerable fronts. The
penetration of one point of defense may create havoc throughout the network as information
security is compromised and data is intercepted, contaminated, or even destroyed, leading to
significant command and control problems.

CRYPTOGRAPHY AND THE ACCESS/SECURITY TRADEOFF

The strongest tool for controlling most kinds of security threats is cryptography.
Cryptography, or secret writing, uses higher mathematics, computational complexity, and
probability and statistics to disguise data so that it cannot be read, modified, or fabricated easily.
Although cryptography is the best defensive measure for network security, even perfect
cryptography is not sufficient, as it requires humans to avoid sloppy network behavior and not to
get turned or captured. Another important issue is the time it takes to decipher a message, so
that the scrambling and unscrambling do not deter or delay users from completing their
mission. For example, a 25-character message expressed in just uppercase letters has 26^25
possible decipherments. A computer that could perform 1 0 operations per second would
require 10" years to decipher the message. Without the proper code, it would take an
unauthorized user several lifetimes to decipher a message, by which time the content would no
longer be useful.

Theoretically, hackers can be beaten with the right cryptography, but hackers can
penetrate our networks because of the dilemma between easy access and robust security,
otherwise known as the access/security tradeoff. In bulk encryption, each layer of security is
not only expensive, but introduces a latency which decreases operational responsiveness. It
may take a firewall only milliseconds to decrypt a packet and analyze its content, causing little to
no operational impact. However, when the firewall filters or blocks the port upon which the
message has been sent, latency could be indefinite. This could lead to significant
consequences for military forces relying on networks and data to conduct operations. Thus, the
extent of computer security ends up being a tradeoff between putting the computer to use and
restricting misuse.

THE ENIGMA CIPHER

An example of a captured cryptography device we have observed in history is the Enigma
cipher machine. The Enigma was a mechanical cryptographic tool used by the Germans in
World War II to scramble messages. It was based on revolving rotors that were wired together
on a typewriter keyboard. There were so many ways to encrypt messages with the Enigma
that it would take 1,000 analysts, trying four different ways per minute, 24 hours a day, seven
days a week, 1.8 billion years to test them all. The technology appeared to offer perfect
information security, yet it broke because of human user fallibility, which enabled the Allies to
crack the codes.

In 1938, a Polish mechanic was employed in a factory in Eastern Germany which was
making what he judged to be secret signaling machines. After being sent back to Poland, the
mechanic got in touch with a British agent in Warsaw, and was soon smuggled to Paris, where
he was able to make a wooden mock-up of the machine. The British Secret Intelligence Service
(SIS) quickly realized it would be essential to get hold of an actual machine if they were to
stand any chance of breaking its code. With the help of the Polish Secret Service, the
British successfully smuggled an Enigma back to England. Later in the war, other Enigmas
were obtained from a shot-down German aircraft and from a German Tank Signals unit. In May
1941, the Navy captured a German U-boat, complete with an Enigma and a chart of operating
keys.

The SIS was located at Bletchley Park, fifty miles north of London. At Bletchley, along
with the Government Code and Cypher School, the SIS set out to break the Enigma code. By
using captured Enigmas, making use of likely chatter about daily events, and guessing that the
Germans would be discussing certain places or issues, the British found sections of scrambled
text that could be related to cleartext. They also concentrated on Luftwaffe messages.
Luftwaffe signalmen often used girlfriends' names for key settings, or would begin a second
message with the same key setting as the previous message. This knowledge helped the Allies
break the Enigma code and determine the Luftwaffe's plans during the Battle of Britain.
Intelligence gathered from Enigma significantly contributed to the Allies’ victory in World War II.
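The two work-factor figures in this part of the paper (26^25 decipherments of a 25-letter message, and 1,000 analysts trying four Enigma settings a minute for 1.8 billion years) can be set beside the Luftwaffe habits just described: choosing a girlfriend's name as the key and reusing the previous message's setting. The following is an added example, not code from the paper; the numbers it quotes are the paper's, while the attacker's trial rate, the size of the "likely names" dictionary and the sample of reused key settings are assumptions made for illustration.

```python
# Added example (not from the paper). Brute-force work factor versus the
# human shortcuts the Enigma story describes: predictable key settings and
# key reuse. Figures quoted from the text are marked "per text"; everything
# else is an assumption chosen for illustration.
from collections import Counter

SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def uppercase_keyspace(message_length: int) -> int:
    """Number of possible decipherments of a message written only in the 26
    uppercase letters (per text: a 25-character message has 26**25)."""
    return 26 ** message_length


def years_to_exhaust(keyspace: float, trials_per_second: float) -> float:
    """Years needed to try every key at a fixed trial rate, assuming the
    attacker has no shortcut and must search the whole space."""
    return keyspace / trials_per_second / SECONDS_PER_YEAR


def enigma_keyspace_per_text() -> float:
    """Key count implied by the paper's figures: 1,000 analysts, four trials
    a minute each, around the clock, for 1.8 billion years."""
    trials_per_minute = 1_000 * 4
    minutes_per_year = 365 * 24 * 60
    return trials_per_minute * minutes_per_year * 1.8e9


def expected_trials(keyspace: float, dictionary_size: int,
                    fraction_from_dictionary: float) -> float:
    """Expected trials to recover one message when the attacker tries a small
    dictionary of likely settings (names, for instance) before the rest of the
    keyspace. fraction_from_dictionary is the share of operators who pick
    their key from that dictionary; 0.0 gives the pure brute-force cost."""
    hit = dictionary_size / 2                                   # average position in the dictionary
    miss = dictionary_size + (keyspace - dictionary_size) / 2   # dictionary exhausted, then brute force
    return fraction_from_dictionary * hit + (1.0 - fraction_from_dictionary) * miss


def messages_free_after_reuse(key_settings: list) -> int:
    """Messages an analyst gets for free once the first message under each
    key setting is broken, because later messages reused that setting."""
    seen = Counter()
    free = 0
    for key in key_settings:
        if seen[key]:
            free += 1
        seen[key] += 1
    return free


if __name__ == "__main__":
    ks = uppercase_keyspace(25)
    # Assumed attacker rate of 1e12 trials per second (not a figure from the text).
    print(f"26^25 = {ks:.3e}; exhaustive search at 1e12/s takes "
          f"{years_to_exhaust(ks, 1e12):.3e} years")
    enigma = enigma_keyspace_per_text()
    print(f"Enigma settings implied by the text: {enigma:.3e}")
    # Assumed: a 5,000-entry list of names tried before anything else.
    print(f"Expected trials if every key is a name: {expected_trials(enigma, 5_000, 1.0):.0f}")
    print(f"Expected trials if half of them are:   {expected_trials(enigma, 5_000, 0.5):.3e}")
    # Constructed sample of one day's key settings, with reuse.
    sample = ["ANNA", "ANNA", "BERTA", "ANNA", "BERTA"]
    print("Messages broken for free by reuse:", messages_free_after_reuse(sample))
```

The point the numbers make is the paper's: the keyspace only protects a message while the key is drawn from all of it. A name picked from a few thousand candidates is recovered in a few thousand trials regardless of how large the machine's keyspace is, and a reused setting costs the attacker nothing at all.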

PERSONNEL RELIABILITY AND THE INSIDER THREAT

The story of the Enigma cipher machine shows us that new technologies remain
vulnerable to human error, often caused by complacency. Used correctly and protected
properly, Enigma’s code was unbreakable. But a spy gave away its existence, capture provided
the equipment and codebooks, and sloppy user behavior gave British code breakers critical
help. It was the people, not the technology, that undermined Enigma. Could the same thing
happen today?

Even when dangerous technologies are used and lives are at stake, our unchanging
fallibility remains. For example, according to the U.S. General Accounting Office, human error
contributed to 75% of the most serious US military aircraft accidents in 1994 and 1995.
Additionally, a Union of Concerned Scientists review of ten nuclear power plants found that 80% of
reported problems in nuclear power plants resulted from worker mistakes or poorly designed
procedures. In November 1999, the Institute of Medicine of the U.S. National Academy of
Sciences reported that medical errors cause more deaths each year in the US than AIDS or
breast cancer. For all the risks involved, much of the day-to-day work of the individuals dealing
with these technologies is quite boring. This leads to a monotonous working environment, a
lack of vigilance, and individuals not paying close attention to the task at hand. These same
kinds of human errors threaten DOD networks.

DISA’s Field Security Operations (FSO) Division provides Information Assurance (IA)
support to DOD organizations, including the Combatant Commands. IA employs multilevel
security, intrusion detection software, and other access controls to defend information and
information systems, as well as measures for availability and reliability of information. FSO
reviews programs with the goal of raising the IA posture of DOD. Their teams have identified
consistent deviations from DOD requirements in the following areas: IA documentation is often
incomplete or missing, configuration management programs (which protect the system while it is
being designed and maintained) are not in place, and physical protection of the SIPRNet is
marginal. Web cameras were found in secure areas, capable of observing a terminal on a
classified network, and foreign nationals were found in areas where the SIPRNet (a US-only
network) was present. Lack of due diligence also leads to fielding new systems without
consideration of security implications. For example, at least one command introduced Voice
over Internet Protocol into the network environment before it was patched for virus protection.
Although most DOD employees want to do a good job, 64% of the 249 unauthorized DOD
intrusions reported in the first quarter of FY04 resulted from poor security practices. Even
though the means are available to plug holes in network security, too few individuals and
organizations take advantage of them.

As we have become increasingly dependent on information systems, the overwhelming
focus of attention on the vulnerability of the Nation’s networks has been devoted to computer
crime and security attacks from external sources, exemplified by the President’s Commission on
Critical Infrastructure Protection. Yet losses due to insiders greatly outweigh those due to
hackers and other external sources. According to the Computer Security Institute's 1998
Computer Crime Survey, the average cost of a hacker penetration was $56,000, while insider
attacks cost companies $2.7 million. A study conducted by the United Nations Commission on
Crime and Criminal Justice, which surveyed 3,000 Virtual Address Extension sites, found that
the greatest security threat came from employees or other insiders with access to computers.

A significant security risk arises when the trusted insider, a dissenter or disgruntled
employee, crashes the system or corrupts information with viruses. Now, an individual
associated with a network can significantly damage an organization at great speed, or could
bring an entire network down. These may be individuals tasked with the design, maintenance,
and operation of networks, who hold positions of unprecedented importance and trust.
Malevolence on the part of an insider can have grave consequences, and the range of
perpetrators and their possible motivations is broad. In many cases, sabotage has been
committed by disgruntled employees who are angry about lay-offs or transfers. Other
employees may take advantage of their position for financial gain. Overall, the number of
computer-related offenses committed by trusted insiders is rising rapidly each year. According
to WarRoom Research's 1996 Information Systems Security Survey, nearly 63% of the
companies surveyed reported insider threats to their networks.

Some experiences drawn from the civilian sector can lend perspective on the likely scale
of the insider threat to the GIG. Additionally, evidence indicates that DOD is not invulnerable to
such threats. A number of cleared military service members, DOD, or contractor employees
commit acts of espionage each year. Between 1975 and 1999, the Defense Personnel Security
Research Center reported 105 cases of espionage, including the names of former National
Security Agency (NSA) staffers and Army communications personnel. These were just the
individuals who were caught, suggesting a lower bound on the actual number of acts of
espionage. In 1998, David Sheldon Boone, a former Army signals analyst for the NSA, was
arrested for selling Top Secret documents to the Soviet Union from 1988 to 1991, including a
manual describing US reconnaissance programs. In 1996, Robert Stephen Lipka, also a former
NSA staff member, was arrested for committing espionage while an Army communications
clerk. Between 1964 and 1967, Lipka worked in the NSA central communications room. He
provided the KGB with a constant stream of highly classified reports, and is believed to have
caused extensive damage to US intelligence collection activities. Lipka also may have been
responsible for the loss of American lives during the Vietnam War. As recently as 12 February
2004, Specialist Ryan G. Anderson, a member of the Washington State National Guard, was
arrested after offering his services to Al Qaeda via the Internet.

Although traitors have always existed, until recently the amount of damage an individual
could inflict was marginal. IT greatly increases opportunities for espionage and the damage that
can be caused by a single traitor. Since the preponderance of battlefield message traffic is
carried over the SIPRNet, these cases also demonstrate the damage that insiders can inflict on
the GIG during combat, and the potential loss of lives that could result from infiltrating DOD
networks or tainting data.

HACKING AND OTHER FORMS OF NON-COOPERATIVE ACCESS

“Digi criminals are already having a great time... the outlook for protection is
bleak.”

— Arjen Lenstra

A hacker is defined as “a person who ‘hacks’ away at a programmable system (i.e.,
computer system and applications software) until it works. In contemporary lingo, a person who
breaks into computer systems, usually over the Internet.” (sic)

A hacker can initiate an attack using commercial off-the-shelf products, or even hacker
tools from the Internet. He can directly attack DOD unclassified systems or strike indirectly by
conducting a strategic attack on power grids or other public utilities. Another threat to the
network is the distributed denial of service attack, in which a web server is bombarded with
huge amounts of data from many different machines with the intention of bringing the server
down. Malicious code, in the form of a Trojan horse (a program that overtly does one thing yet
covertly does another), a virus (a Trojan horse that spreads an infection from one computer to
another), or a worm (a program that spreads copies of itself as a stand-alone program through a
network), can destroy or impede systems configurations or routines.

The DOD Computer Emergency Response Team (CERT) is DOD’s technical Computer
Network Defense Response center. Their mission is to protect DOD networks and computer
infrastructure. They maintain global situational awareness of the GIG through sensors at 21
Internet gateways and 625 enclaves, intelligence and hacker source research, and response
center input. DOD CERT routinely monitors and blocks viruses, such as KAK and Loveletter in
2000, and malicious worms, such as the Chinese Hacker War and Code Red in 2001.

DOD CERT security indicators show that the GIG is under constant attack. The following
illustrations reflect malicious activity and attacks on information networks.

FIGURE 1 - INTERNET VIRUS GROWTH PER MONTH


Figure 1 shows the level and severity of malicious code across the Internet. It depicts the
total number of viruses compared to the number of critical or dangerous viruses as determined
by DOD CERT. A virus is listed as “Wild” by WildList.org when it is reported by two sources.
DOD CERT reports that the number of critical viruses is increasing, the impact of each critical
virus is increasing, and the speed of propagation of malicious code is increasing, raising the
vulnerability of DOD networks.


FIGURE 2 - DETECTED EVENTS ON THE NIPRNET

Figure 2 shows the overall number of detected events on the NIPRNet. In the past ten
years, there has been a constant growth in events reported by DOD CERT. These include root
and user level compromises, denial of service attacks, and compromises resulting from poor
security practices. Although this increase can be attributed in part to better sensors and
reporting procedures, it may also reflect a significant increase in malicious activity.

DOD CERT uses Internet Protocol (IP) addresses to indicate scanning source locations.
On 6 April 2002, an IP address from the St. Petersburg, Russia Public Internet Center scanned
over 50,000 DOD hosts, and from 10 February to 10 March 2002, the NEXCOM Tron in
Yekaterinburg, Russia scanned over two million DOD hosts. These are indicators of threats
from around the world searching for potential vulnerabilities in DOD networks. Recent
statistics from January 2004 indicate that the top three source countries for unauthorized probes
are the US, Korea, and China. However, this may not represent the actual source, as an
attacker may hop from country to country, nor does it imply government involvement.
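An added example of the aggregation that scan-source indicators of the kind just described rest on; it is not code from the paper, DISA or DOD CERT. It reads constructed sensor log lines (a made-up record format, with addresses from the RFC 5737 documentation ranges), counts how many distinct hosts each source address touched inside a sliding time window, and flags sources above a threshold. The window matters: a source that touches one host every half hour never looks like a scan on a ten-minute window, and a source that hits the same host repeatedly is not a scan at all. The caveat in the text applies to anything this flags: the address is the last hop the sensor saw, not necessarily where the attacker sits.

```python
# Added example (not from the paper, DISA or DOD CERT). Flag source
# addresses that probe many distinct hosts in a short time, working from
# constructed sensor log lines.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed record format: ISO timestamp, source, destination, destination port.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample: 198.51.100.7 sweeps six hosts in six seconds,
# 203.0.113.5 hammers one host, 192.0.2.9 touches five hosts but only one
# every thirty minutes, and one line is malformed.
SAMPLE_LOG = """\
2002-04-06T10:00:01Z src=198.51.100.7 dst=10.1.0.1 dport=80
2002-04-06T10:00:02Z src=198.51.100.7 dst=10.1.0.2 dport=80
2002-04-06T10:00:03Z src=198.51.100.7 dst=10.1.0.3 dport=80
2002-04-06T10:00:04Z src=198.51.100.7 dst=10.1.0.4 dport=80
2002-04-06T10:00:05Z src=198.51.100.7 dst=10.1.0.5 dport=80
2002-04-06T10:00:06Z src=198.51.100.7 dst=10.1.0.6 dport=80
2002-04-06T10:00:07Z src=203.0.113.5 dst=10.1.0.1 dport=443
2002-04-06T10:00:08Z src=203.0.113.5 dst=10.1.0.1 dport=443
2002-04-06T10:00:09Z src=203.0.113.5 dst=10.1.0.1 dport=443
2002-04-06T10:00:00Z src=192.0.2.9 dst=10.1.0.1 dport=22
2002-04-06T10:30:00Z src=192.0.2.9 dst=10.1.0.2 dport=22
2002-04-06T11:00:00Z src=192.0.2.9 dst=10.1.0.3 dport=22
2002-04-06T11:30:00Z src=192.0.2.9 dst=10.1.0.4 dport=22
2002-04-06T12:00:00Z src=192.0.2.9 dst=10.1.0.5 dport=22
this line is not a sensor record
"""


def parse_events(lines):
    """Yield (timestamp, src, dst) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"]


def max_distinct_hosts(events, window):
    """Largest number of distinct destinations one source touched inside any
    span of `window` length. events: list of (timestamp, dst) sorted by time."""
    in_window = Counter()
    best = left = 0
    for ts, dst in events:
        in_window[dst] += 1
        while events[left][0] < ts - window:   # evict events that fell out of the window
            old = events[left][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            left += 1
        best = max(best, len(in_window))
    return best


def detect_scanners(lines, min_hosts=5, window_minutes=10):
    """Return {src: peak distinct hosts} for sources that reached at least
    min_hosts distinct destinations within window_minutes. Counting distinct
    hosts rather than raw packets keeps a chatty client of one server from
    looking like a scan."""
    window = timedelta(minutes=window_minutes)
    per_source = defaultdict(list)
    for ts, src, dst in parse_events(lines):
        per_source[src].append((ts, dst))
    flagged = {}
    for src, events in per_source.items():
        events.sort()
        peak = max_distinct_hosts(events, window)
        if peak >= min_hosts:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, hosts in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {hosts} distinct hosts within 10 minutes")
```

On the sample only 198.51.100.7 is flagged with the defaults; widening the window to three hours also catches the slow sweep from 192.0.2.9, which is the usual trade: a short window keeps the alert volume down, a long one catches patient probing at the cost of more state per source.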

ATTACKING OUR CRITICAL INFRASTRUCTURE

The GIG includes systems DOD neither owns nor controls. Between 80 and 90 percent of
critical infrastructure, including telecommunications, is either owned or operated by private
firms, thereby making it hard for DOD to control. Yet similar human vulnerabilities occur in non-
DOD networks. While winning the global war on terror and defending the homeland remain the
primary missions of the military, national systems and corporations are having difficulty keeping
hackers out.

Numerous departments and agencies, such as the CIA and the Departments of Defense,
Justice, Treasury, and Commerce, have a stake in IO. As they become increasingly
automated and dependent on networks, a huge vulnerability arises. This includes susceptibility
to cyber attack. Publicity of attacks on these departments is increasing, demonstrating that
while we are the most technologically advanced nation, we are also the most technologically
dependent. As recently as September 2003, a computer virus crippled the State Department’s
Consular Lookout and Support System, known as CLASS. CLASS contains over 12.8 million
records from the FBI and the State Department, including the names of 78,000 suspected
terrorists. The government also confirmed that disruptions occurred in two important internal
systems at Lake Erie’s Davis-Besse nuclear power plant in January 2003 resulting from the
Slammer infection. Corporations are also experiencing compromises to information security
following cyber-attacks. Riptech Inc., a security firm in Alexandria, Virginia, reported that
Internet attacks against private organizations jumped 28% during the first six months of 2002.
Most attacks targeted technology, finance, and power companies. A 1996 FBI survey
reported that $4.5 billion was lost to businesses who had their networks compromised. Forty-
two percent of all businesses experienced attacks, and of these, 58% cited competitors as the
likely attacker.

Some argue that the vulnerabilities to our interlinked infrastructure are blown out of
proportion. George Smith, editor of The Crypt Newsletter and author of The Virus Creation
Labs: A Journey into the Underground, suggests that an “Electronic Pearl Harbor” is unlikely.
Smith notes that the private sector will not disclose much information about potential
vulnerabilities, often because they are embarrassed about compromises to their networks and
the potential loss of customers. Many of the individuals who suggest a problem exists are in the
business of selling security devices and are not in a position to serve as objective sources of
information. Even if a hacker can invade a system, it would be difficult for him to alter a
database or issue reports without inside knowledge. Additionally, hoaxes about computer
viruses are often propagated more than the real thing, inflating the numbers and adding
confusion over what is real and what is not. In other words, it is hard to measure success or
even the extent of the problem. However, Smith does not address the human dimension of
network security. The insider threat, for example, is a significant concern which cannot be
assumed away.

Others reach more alarming conclusions. Newt Gingrich, former Speaker of the House and member of the Commission on National Security/21st Century, writes that the United States faces serious threats from Internet-borne weapons. He states that our adversaries are developing methods for disrupting our quality of life, from infiltrating our financial systems to breaking down communications systems and initiating electrical blackouts. Such an attack could result in serious loss of life and widespread damage to our infrastructure, potentially destabilizing the nation. Gingrich’s commission concluded that the relative ease of hacking, compared with the difficulty of developing nuclear, chemical, or biological weapons, increases the threat of cyber attacks.®® A recent survey conducted by the Pew Internet & American Life Project showed that many Americans fear a terrorist cyber attack: 50 percent of adults felt our national infrastructure was vulnerable to terrorist hackers. These fears are echoed by some technology experts. Paul Henry, vice president of CyberGuard Corp., concluded, “I think there is an 80% probability we could see an attack in the next two years.”®®
RECOMMENDATIONS

“Information Networks must be controlled, protected, and managed as effectively
as weapons systems.”

— LtGen Harry D. Raduege, DISA Director

Given the critical role played by the GIG in today’s warfighting environment, reliable protection of data and the defense of our networks are essential. DOD is in the process of implementing several GIG information assurance (IA) initiatives to counter the threats and vulnerabilities to our networks. Many of these changes are long overdue, and the IA implications of these emerging security technologies are significant. An enormous effort remains to be done at the organizational and individual level.

HEIGHTENED  SECURITY  AWARENESS  AND  INSIDER  PROTECTION 

High-tech network equipment requires high-quality training for users, who must apply the concepts of IA to protect DOD networks and stay ahead of our adversaries.®'’ Network security professionals must be certified on security standards and procedures. Information must be recompartmentalized so that access controls for sensitive information differ from those for general information. Another approach is to have fewer access points and more restrictions for certain individuals, or to base access on rank, position, or nationality.®’ Although all of these measures are being taken now and the guidance exists, people still make mistakes.®^ FSO continues to find differing levels of completeness in organizations’ training and certification requirements, and annual refresher training is rare.®®

The first line of defense for network users is the implementation of access control measures such as secure passwords. Another access control measure is the Fortezza card, a PCMCIA cryptographic token that protects sensitive but unclassified data for transmission over unsecured networks. Passwords should be at least 8 characters long, alphanumeric, and changed regularly so that they cannot be machine-guessed before they expire; 8 characters is a floor rather than a target, since the effort of exhaustive guessing grows exponentially with length. DOD has an 8-character password standard, although FSO has found organizations in violation of DOD’s policy.®'' Use of software products that check passwords for compliance is growing but is not universal.®® Nor is the use of Fortezza cards.
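As an added illustration of the compliance checking described above (example code written for this edit, not a DOD tool and not part of the original paper), the following Python checks a password against the 8-character alphanumeric rule and estimates how long an exhaustive machine-guessing attack on it would take. The 90-day maximum age, the guess rate of one billion per second and the sample passwords are assumptions constructed for the example.

```python
"""Password-policy compliance check (added example; not from the paper).

Rules modelled from the text: at least 8 characters, alphanumeric (letters and
digits), changed regularly. MAX_AGE_DAYS and the guess rate are assumptions.
"""
import string

MIN_LENGTH = 8        # DOD 8-character minimum described in the text
MAX_AGE_DAYS = 90     # assumption: "changed regularly" modelled as a 90-day maximum age


def policy_violations(password: str, days_since_change: int = 0) -> list:
    """Return the rules the password fails; an empty list means it is compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("contains no letters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no digits")
    if days_since_change > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days")
    return problems


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must enumerate: the union of the standard
    character classes (lower, upper, digit, punctuation) the password draws from."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def brute_force_seconds(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to try every string of this length over this alphabet.
    The 1e9 guesses/s rate is an assumption (an offline attack on a captured hash)."""
    return charset_size(password) ** len(password) / guesses_per_second


if __name__ == "__main__":
    # Constructed sample passwords, each paired with the days since it was last changed.
    samples = [("password", 10), ("abc12345", 10), ("abc12345", 120), ("Tr0ub4dor&3", 10)]
    for pw, age in samples:
        bad = policy_violations(pw, age)
        status = "OK " if not bad else "BAD"
        print(f"{status} {pw!r:16} {', '.join(bad) or 'compliant':35} "
              f"exhaustive search: {brute_force_seconds(pw) / 3600:12.1f} h")
```

The length check and the time estimate make different points: a compliant 8-character alphanumeric password is still searched exhaustively in well under an hour at the assumed rate, which is why the change interval and the use of a hardware token matter as much as the minimum length.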

The installation of a firewall allows only selected gateways to have access to the outside world. Other methods for improving computer network defense include ports and protocols configuration control to block selected ports, anti-virus software, and intrusion detection systems to cope with malicious inputs.®® DOD has implemented these measures, although the use of additional firewalls beyond the enclave perimeter and the use of personal firewalls on traveling laptops are rare.®^
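As an added example of the ports-and-protocols configuration control mentioned above (example code written for this edit, not the paper’s own and not any DOD configuration), the Python below evaluates two first-match filter policies against constructed packets: a deny-list that blocks selected ports, and a default-deny allow-list. The addresses, the assumed 10.0.0.0/8 administrative subnet and the sample packets are constructed for the illustration; UDP 1434 is the Microsoft SQL Server resolution service port that the Slammer worm exploited.

```python
"""Ports-and-protocols configuration control (added example; not from the paper).

A minimal first-match packet filter, used to contrast a deny-list that blocks
selected ports with a default-deny allow-list. Addresses, the assumed admin
subnet and the sample packets are constructed for the illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules, pkt: Packet, default: str) -> str:
    """First matching rule decides; `default` applies when no rule matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Deny-list: block selected ports, let everything else through (default allow).
DENY_LIST = [
    Rule("deny", "udp", dport=1434),   # MS SQL resolution service, exploited by Slammer
    Rule("deny", "tcp", dport=23),     # telnet
]

# Allow-list: permit only what the enclave needs, drop the rest (default deny).
ALLOW_LIST = [
    Rule("allow", "tcp", dport=80),
    Rule("allow", "tcp", dport=443),
    Rule("allow", "tcp", src="10.0.0.0/8", dport=22),  # assumed admin subnet only
]

# Constructed inbound packets; 198.51.100.0/24 is documentation address space.
SAMPLE_PACKETS = {
    "web":         Packet("tcp", "198.51.100.7", "10.1.1.10", 80),
    "slammer":     Packet("udp", "198.51.100.7", "10.1.1.20", 1434),
    "smb":         Packet("tcp", "198.51.100.7", "10.1.1.20", 445),
    "ssh_inside":  Packet("tcp", "10.2.3.4",     "10.1.1.20", 22),
    "ssh_outside": Packet("tcp", "198.51.100.7", "10.1.1.20", 22),
}


def compare() -> dict:
    """Return {name: (deny_list_verdict, allow_list_verdict)} for every sample packet."""
    return {name: (evaluate(DENY_LIST, pkt, default="allow"),
                   evaluate(ALLOW_LIST, pkt, default="deny"))
            for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    print(f"{'packet':12} {'deny-list':10} allow-list")
    for name, (d, a) in compare().items():
        print(f"{name:12} {d:10} {a}")
```

The two verdict columns make the practical point: the deny-list stops only what was foreseen (Slammer’s port and telnet), while the default-deny allow-list also stops the unforeseen SMB probe and the SSH attempt from outside the administrative subnet. The cost is that anything not explicitly permitted stops working, which is exactly the access/security tradeoff the paper discusses.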

Network security is not just an individual responsibility. Military leaders and managers in both government and the private sector must ensure users complete IA training before being given access to a system, and then receive annual refresher training to keep pace with technology upgrades and the discovery of new vulnerabilities. Leaders must implement and enforce consistent policies and procedures in computer security, with significant consequences for offenders. Commanders must be held responsible for a lack of security in their organization. Although most people in the military, the government, and corporate America work with information systems, computer security is still practiced half-heartedly.

Additionally, commanders must make an operational risk assessment, striking a balance between fully net-centric (100% accessibility to our networks) and not net-centric at all (0% accessibility). Reducing the connectivity of the network to reduce vulnerabilities also decreases the power of the network. On the other hand, increasing network security will restrict access and increase response time, arguably decreasing operational capability. If the commander gives up connectivity to increase security, he is essentially taking steps backwards regarding network-centric warfare. For example, installing a firewall to increase security reduces connectivity because fewer packets will be allowed to pass through. Password protection and Fortezza cards also reduce connectivity because users will forget their passwords or lose their Fortezza cards. Ultimately, we decide how many voluntary reductions in connectivity we want in order to increase security. This is the access/security tradeoff.

Many of the same measures needed to heighten security awareness among users should be used to protect DOD networks from insiders. In addition to access control measures such as secure passwords and Fortezza cards, another helpful but inevitably partial improvement would be for commanders to ensure that only selected people have access. For example, more and more individuals are using the SIPRNet, increasing the probability that someone will be negligent or commit espionage. Such an individual with access to the SIPRNet could cause significant damage to US military operations, possibly resulting in the loss of American lives. As the SIPRNet grows, perimeter security must be built internally within its enclaves to compartmentalize information and access, so that a single compromised account does not expose the whole network. Physical measures, such as access badges and secure doors, should also be used as aggressively as possible to limit access.

FSO has also found that configuration management programs do not exist in most organizations.®® Software initiatives will potentially help with configuration management, thereby improving DOD’s IA posture.^® MIT responded to insider threats by introducing Kerberos, a network authentication protocol that protects passwords and other sensitive information through the use of cryptography. Kerberos as originally designed used the Data Encryption Standard (DES) for encryption, and it relies on a central authentication server for security; because DES’s 56-bit key is no longer considered adequate, current Kerberos implementations support stronger ciphers such as AES. Interviews with experts indicate that Kerberos is a tremendous security tool with an excellent reputation.

Human vulnerabilities cannot be solved with technological solutions alone. Without examining the insider problem and developing new methods of insider risk management, our critical information systems will remain vulnerable to espionage or sabotage by insiders. Leaders must conduct initial pre-employment screening of employees, to include collecting trait information and conducting a criminal records check. They must establish rules of conduct to guide employees on right and wrong behavior and give supervisors the recourse to punish rule violations. Leaders must ensure that systems administrators revoke the access privileges of selected employees before lay-off announcements are made. Ultimately, the most important mitigating factor that reduces the likelihood of an insider attack is intervention by supervisors, co-workers, family, or friends. Intervention might lead to counseling or even medical assistance, and may prevent network disasters from occurring.^^ But presumably all of these measures were in use in the espionage cases cited earlier, yet they failed.

TRANSFORMATIONAL  GIG  INITIATIVES  AND  DOCTRINAL  CHANGES 

Numerous transformational GIG initiatives are under way to avert network vulnerabilities and make it easier for users to do the right thing. These include Internet Protocol Version 6 (IPv6), a network layer protocol that will improve end-to-end security and quality of service, chiefly through its integrated IPsec support, which still has to be configured and keyed before it protects anything. The DOD Cryptographic Modernization Initiative is leveraging new technology, such as secure voice and key management, to provide IA solutions to protect the GIG and the critical information contained therein.^®

Still, it is difficult to measure success and determine if these actions are sufficient. Even if hacking as a whole is reduced, one hacker can still cause tremendous damage. And we often do not know when a penetration occurs. This has profound consequences for our Armed Forces. According to a widely repeated, though disputed, account, Enigma decrypts gave Churchill advance warning of the German air raid on Coventry during World War II, yet he chose to sacrifice lives rather than reveal to Hitler that the Allies had broken the supposedly unbreakable Enigma cipher.^"* For much of the war, the Germans failed to realize Enigma had been compromised. Just as the Allies read Enigma messages in World War II, today an adversary could have access to GIG message traffic without our knowledge. Although NIPRNet traffic is more routine than SIPRNet traffic, infiltration of the NIPRNet in the form of a denial of service attack or malicious code can still damage the GIG, and user trust and confidence in DOD networks and data. Even redundant lines of communication cannot help if data has been tainted. For example, if a commander uses SIPRNet traffic for targeting purposes, he expects the data to be timely, accurate, and consistent. If his data has been corrupted, it can affect his situational awareness and put his soldiers at risk.

This also has an impact on a military in transformation, which is in the process of reorganizing into even smaller modular units. Smaller conventional forces have less inherent firepower, making them more vulnerable to attack. Smaller units also have less human knowledge power. This creates additional challenges for units relying on technology and information processing to conduct operations. For example, when networks and computers go down, artillery units will have more difficulty conducting fire missions.^® Without the Global Positioning System, units will have more difficulty maneuvering. Our Armed Forces must be prepared for network failures and train under these conditions. They must understand the Commander’s Intent and have the initiative to carry on with their mission when networks go down.

Another limitation on exploiting technology is the parochial organizational system found in the military, which tends to adapt slowly. Yet transformation must be accompanied by changes in doctrine, culture, and behavior. Computer network operations is a new, sensitive, and complex mission with unique challenges. The changing nature of warfare, caused by both the end of the Cold War and advances in technology, brings with it new fields of expertise for military professionals.^^ The Army must invest in her people to adapt to the information operations (IO) environment, and develop a strategy for IO to support force development. However, training and educating personnel on IO often takes a back seat to operational requirements. Even today, many senior commanders are unable to grasp the full utility of IO.

Interviews with experts have also revealed that despite DOD’s transformational GIG initiatives, tools such as firewalls are often pushed out after the fact, decreasing their effectiveness in protecting DOD networks. Although the threats to the GIG are growing, network support staffs are being downsized.^® In most organizations, manpower and funding to implement IA are resourced on an ad hoc basis. Including IA in the command’s Planning, Programming, and Budgeting System (PPBS) is rare.®°

Conceivably, a lone fanatic or a sophisticated adversary could create the cyberspace equivalent of a 9/11 sneak attack, paralyzing our communications systems and the GIG. The reality that human vulnerabilities can threaten our critical infrastructure creates a new national defense problem and makes our traditional means of deterrence unworkable. Deterrence works if there is a group or country that can be retaliated against for unacceptable behavior. However, if the opponent is a lone individual, then conventional military strikes are not an option. We need a new public-private partnership to confront the vulnerabilities of our networks.®' Organizations such as the Department of Commerce’s Critical Infrastructure Assurance Office and the FBI’s National Infrastructure Protection Center were established to educate civilian industry and improve critical infrastructure protection. Unfortunately, cooperation between the government and the civil sector is lacking, and progress in protecting our critical infrastructure is slower than desired.®®

These are all useful and important steps. At the margin, they will improve security. But nothing can repeal human nature. The most technically secure network in the world can still be undone by an unreliable insider, and we have never been able to guarantee 100% personnel reliability. There will always be the occasional spy; some operators will always be careless or tired or overworked, leading to compromises of DOD networks.

CONCLUSION 

Growing confidence in advancing technology has made politicians and the public alike believe that extreme technological superiority is the answer to the problems of war, and that our downsized military can accomplish any mission with high-tech weaponry and network-centric warfare. However, evidence shows that the GIG is fragile. Threats to DOD networks are increasing with the number of attacks and the speed of propagation of malicious code. Furthermore, DOD CERT statistics and interviews with experts indicate that the determined hacker has successfully gotten into our networks, particularly the NIPRNet. Human behavior being what it is, the NIPRNet and even the SIPRNet will remain vulnerable. If the SIPRNet is better protected than the NIPRNet, it is a difference of degree, not kind.

This has serious implications for our military’s force structure. Because of their reduced manpower, smaller conventional forces have less inherent firepower and knowledge power, and are therefore more vulnerable to attack, particularly if the networks and data they rely on have been compromised. What if a small unit in OIF relied on a SIPRNet terminal, Blue Force Tracking, or a similar device connected to the GIG to conduct combat operations? What if another terminal connected to the GIG was turned over by an insider, was captured by the enemy (like the Enigma), or its data was intercepted or corrupted by an Iraqi hacker? Without trustworthy data, the unit’s situational awareness would become distorted, leading to possible command and control problems or even the loss of American lives.

Although measures such as DOD’s transformational GIG initiatives are being implemented to mitigate threats to DOD networks, despite our best efforts the risks will never be completely eliminated. Human vulnerabilities in the information domain are an unsolvable Achilles’ heel. Our senior leaders must understand that DOD networks will never be 100% secure. Perhaps we should reconsider transformation initiatives relating to force structure in light of a more systematic analysis of all the threats to our information systems, to include the human threat. There are only so many approaches to network security. Human vulnerabilities underlie them all.